package demo.controller;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import demo.entity.User;


/**
 * User controller.
 * @author Administrator
 *
 */
@Controller
@RequestMapping("/user")
public class UserController {

	/** Logical view name returned by every handler in this controller. */
	private static final String SUCCESS_VIEW = "success";

	/**
	 * Renders the success view and exposes the session's {@code "user"} attribute to it.
	 *
	 * <p>{@code @RequiresAuthentication} demands a subject that has authenticated during the
	 * current session; a merely remembered subject does not satisfy it.
	 *
	 * @param request current request; {@code getSession()} creates a session if none exists
	 * @return the success view with a {@code "user"} model entry, which is {@code null} when
	 *         the session holds no such attribute
	 */
	@RequestMapping("success")
	@RequiresAuthentication
	public ModelAndView showSuccessPage(HttpServletRequest request){
		// NOTE(review): the "user" attribute is stored by code outside this class. If it is the
		// full demo.entity.User, credential fields may reach the view model; confirm.
		Object sessionUser = request.getSession().getAttribute("user");
		return new ModelAndView(SUCCESS_VIEW, "user", sessionUser);
	}

	/**
	 * Returns the success view for {@code /user/admin}.
	 *
	 * <p>NOTE(review): unlike the student and teacher handlers, this handler has no Shiro
	 * authorization annotation. Unless a URL filter-chain rule in the Shiro configuration (not
	 * visible here) covers this path, no role or permission check is applied; confirm.
	 *
	 * @param request current request (unused)
	 * @return the success view name
	 */
	@RequestMapping("/admin")
	public String admin(HttpServletRequest request) {
		return SUCCESS_VIEW;
	}

	/**
	 * Returns the success view for subjects holding the {@code student} role.
	 *
	 * <p>NOTE(review): Shiro annotations are enforced only when Shiro's annotation advisor is
	 * applied to the context that creates this controller; otherwise they are silently ignored.
	 * Verify with a request from a subject lacking the role.
	 *
	 * @param request current request (unused)
	 * @return the success view name
	 */
	@RequestMapping("/student")
	@RequiresRoles("student")
	public String student(HttpServletRequest request) {
		return SUCCESS_VIEW;
	}

	/**
	 * Returns the success view for subjects holding both {@code teacher:add} and
	 * {@code teacher:create} ({@code Logical.AND} requires every listed permission).
	 *
	 * <p>Original author's note: if the required permission here were {@code teacher:delete},
	 * the request would end up in the authorization-failure handling instead.
	 *
	 * @param request current request (unused)
	 * @return the success view name
	 */
	@RequestMapping("/teacher")
	@RequiresPermissions(value={"teacher:add", "teacher:create"}, logical=Logical.AND)
	public String teacher(HttpServletRequest request) {
		return SUCCESS_VIEW;
	}

}
